Commit Graph

1002 Commits

Author SHA1 Message Date
Andy Pitcher
40cdc1bfbb Fix test_items in cis-1.7 - node - 4.2.12 (#1469)
Related issue: https://github.com/aquasecurity/kube-bench/issues/1468
2023-07-02 10:50:07 +03:00
dependabot[bot]
e2e353a81a build(deps): bump actions/setup-go from 3 to 4 (#1402)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2023-06-24 19:42:03 +03:00
dependabot[bot]
a727d73e8a build(deps): bump golang from 1.19.4 to 1.20.4 (#1436)
Bumps golang from 1.19.4 to 1.20.4.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-10 18:07:26 +03:00
chenk
76c25b2db2 release: prepare v0.6.15 (#1455)
Signed-off-by: chenk <hen.keinan@gmail.com>
v0.6.15
2023-06-06 17:40:44 +03:00
KiranBodipi
ca8743c1f7 add support VMware Tanzu(TKGI) Benchmarks v1.2.53 (#1452)
* add Support VMware Tanzu(TKGI) Benchmarks v1.2.53
With this change, we are adding
1. latest Kubernetes CIS benchmarks for VMware Tanzu 1.2.53
2. logic to kube-bench so that kube-bench can auto-detect the VMware platform and will be able to execute the respective VMware TKGI compliance checks.
3. job-tkgi.yaml file to run the benchmark as a job in a TKGI cluster
Reference Document for checks: https://network.pivotal.io/products/p-compliance-scanner/#/releases/1248397

* add Support VMware Tanzu(TKGI) Benchmarks v1.2.53
With this change, we are adding
1. latest Kubernetes CIS benchmarks for VMware Tanzu 1.2.53
2. logic to kube-bench so that kube-bench can auto-detect the VMware platform and will be able to execute the respective VMware TKGI compliance checks.
3. job-tkgi.yaml file to run the benchmark as a job in a TKGI cluster
Reference Document for checks: https://network.pivotal.io/products/p-compliance-scanner/#/releases/1248397
2023-06-01 16:37:50 +03:00
dependabot[bot]
84f80b59b8 build(deps): bump alpine from 3.17 to 3.18 (#1443)
Bumps alpine from 3.17 to 3.18.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-26 13:41:30 +03:00
Huang Huang
60dde65d72 support CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.2.0 (#1449)
closes #1448
2023-05-21 17:53:58 +03:00
Huang Huang
124c57c6f4 support CIS Kubernetes Benchmark v1.7.0 (#1424)
2023-05-21 15:46:16 +03:00
Huang Huang
e41755ba90 cis-1.24: fix tests of 1.1.1 and 4.2.9 were wrong (#1423)
fixes #1410
fixes #1421
2023-05-21 11:39:51 +03:00
dependabot[bot]
6de03bbd7d build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.17.6 to 1.18.0 (#1433)
Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.17.6 to 1.18.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.17.6...v1.18.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2023-05-20 18:45:31 +03:00
chenk
c2880848f0 release: prepare v0.6.14 (#1446)
Signed-off-by: chenk <hen.keinan@gmail.com>
v0.6.14
2023-05-18 10:32:39 +03:00
wangxiaoer
968ee5814e replace with constant (#1445)
2023-05-16 11:41:49 +03:00
chenk
29c8f16167 release: prepare v0.6.14-rc (#1442)
Signed-off-by: chenk <hen.keinan@gmail.com>
v0.6.14-rc
2023-05-15 15:34:00 +03:00
Devendra Turkar
b0e49c8789 fix: ignore the error from findConfigFile (#1440)
When we are trying to access a file from a directory which is not present, we get a different error.
We don't have a standard error method to check the msg, so added a string match for this case.
2023-05-15 15:01:30 +03:00
dependabot[bot]
e38c829dbc build(deps): bump gorm.io/gorm from 1.24.2 to 1.25.1 (#1437)
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.24.2 to 1.25.1.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.24.2...v1.25.1)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-13 19:37:45 +03:00
chenk
8098489433 release: prepare v0.6.13 (#1429)
Signed-off-by: chenk <hen.keinan@gmail.com>
v0.6.13
2023-04-24 11:02:19 +03:00
Murali Paluru
b43f58dcda add darwin builds (#1428)
2023-04-18 21:15:05 +03:00
chenk
dd6573f3ed release: prepare v0.6.13-rc2 (#1426)
Signed-off-by: chenk <hen.keinan@gmail.com>
v0.6.13-rc2
2023-04-17 16:19:37 +03:00
Devendra Turkar
0ff5dd0b8e chore: Add license file for ubi image (#1425)
2023-04-17 16:07:31 +03:00
chenk
124a8b3a5a release: prepare v0.6.13-rc (#1416)
Signed-off-by: chenk <hen.keinan@gmail.com>
v0.6.13-rc
2023-04-10 13:59:13 +03:00
Rayan Das
c3b6871766 Fix version in policies.yaml (#1415)
2023-04-07 17:33:52 +03:00
Devendra Turkar
96c6b385ef chore: publish ubi based image (#1412)
* chore: publish ubi based image

- added publish step to publish ubi image
- updated base image for alpine based dockerfile

* chore: update pipeline image to ubuntu-latest
2023-04-05 13:02:36 +03:00
dependabot[bot]
9e41099cec build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1397)
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.23.5 to 1.29.1.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ecs/v1.23.5...service/s3/v1.29.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2023-03-25 12:34:54 +03:00
Jack Henschel
0decc8a53f docs: Clarify how to run Job on OpenShift (#1401)
Signed-off-by: Jack Henschel <jackdev@mailbox.org>
2023-03-18 19:30:19 +02:00
dependabot[bot]
7aeb6c3977 build(deps): bump github.com/fatih/color from 1.13.0 to 1.14.1 (#1363)
Bumps [github.com/fatih/color](https://github.com/fatih/color) from 1.13.0 to 1.14.1.
- [Release notes](https://github.com/fatih/color/releases)
- [Commits](https://github.com/fatih/color/compare/v1.13.0...v1.14.1)

---
updated-dependencies:
- dependency-name: github.com/fatih/color
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-11 09:29:38 +02:00
chenk
7d0d8ca993 release: prepare v0.6.12 (#1387)
Signed-off-by: chenk <hen.keinan@gmail.com>
v0.6.12
2023-02-23 13:30:56 +02:00
chenk
823f3e1064 release: prepare v0.6.12-rc (#1385)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-02-23 09:09:31 +02:00
Devendra Turkar
fc72a8a620 bugfix: false negative when audit_config file not found (#1376)
In case of RKE, the env error comes with exit status 1, so added an OR condition to match with the error text as well.

resolve: #1364
2023-02-14 10:32:02 +02:00
chenk
c17b4dd2ba release: prepare v0.6.11 (#1371)
Signed-off-by: chenk <hen.keinan@gmail.com>
v0.6.11
2023-02-05 11:44:23 +02:00
dependabot[bot]
edff7f45a9 build(deps): bump gorm.io/driver/postgres from 1.4.5 to 1.4.6 (#1355)
Bumps [gorm.io/driver/postgres](https://github.com/go-gorm/postgres) from 1.4.5 to 1.4.6.
- [Release notes](https://github.com/go-gorm/postgres/releases)
- [Commits](https://github.com/go-gorm/postgres/compare/v1.4.5...v1.4.6)

---
updated-dependencies:
- dependency-name: gorm.io/driver/postgres
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-04 22:15:32 +02:00
Devendra Turkar
b942ed3f0b bugfix: false negative when audit_config is defined along with audit and config file not found (#1367)
Suppress the file not found error only when audit or auditEnv is defined and they have valid output captured.
As we already have output from the audit command, we can proceed with our tests even though we didn't find the config file.
file not found error: `failed to run: "/test/config.yaml", output: "/bin/sh: line 1: /test/config.yaml: No such file or directory\n", error: exit status 127`

Resolve: #1364
2023-02-02 10:32:27 +02:00
Derek Nola
e1d1053358 Fix to empty grep and other cis-1.6-k3s checks (#1352)
* Fix to empty grep and other k3s checks

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Lint fix

Signed-off-by: Derek Nola <derek.nola@suse.com>

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-13 18:06:57 +02:00
dependabot[bot]
07cd55da9c build(deps): bump k8s.io/client-go from 0.25.4 to 0.26.0 (#1354)
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.25.4 to 0.26.0.
- [Release notes](https://github.com/kubernetes/client-go/releases)
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.25.4...v0.26.0)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-10 16:25:57 +02:00
dependabot[bot]
e6d0056b8e build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.17.2 to 1.17.3 (#1348)
Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.17.2 to 1.17.3.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.17.2...v1.17.3)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-30 20:57:17 +02:00
dependabot[bot]
9991268c85 build(deps): bump goreleaser/goreleaser-action from 3 to 4 (#1347)
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 3 to 4.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-22 16:45:05 +02:00
dependabot[bot]
465c16fe4b build(deps): bump golang from 1.19.3 to 1.19.4 (#1345)
Bumps golang from 1.19.3 to 1.19.4.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-22 16:10:46 +02:00
dependabot[bot]
e08cf54cb0 build(deps): bump github.com/magiconair/properties from 1.8.6 to 1.8.7 (#1344)
Bumps [github.com/magiconair/properties](https://github.com/magiconair/properties) from 1.8.6 to 1.8.7.
- [Release notes](https://github.com/magiconair/properties/releases)
- [Changelog](https://github.com/magiconair/properties/blob/main/CHANGELOG.md)
- [Commits](https://github.com/magiconair/properties/compare/v1.8.6...v1.8.7)

---
updated-dependencies:
- dependency-name: github.com/magiconair/properties
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-22 10:58:53 +02:00
dependabot[bot]
8f654a9fc6 build(deps): bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#1341)
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.0 to 1.6.1.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.6.0...v1.6.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-22 10:50:01 +02:00
dependabot[bot]
4ccffb8fdd build(deps): bump github.com/spf13/viper from 1.13.0 to 1.14.0 (#1339)
Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-14 17:00:45 +02:00
dependabot[bot]
ec51394eb7 build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1337)
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.17.8 to 1.18.4.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.17.8...config/v1.18.4)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-05 16:50:23 +02:00
dependabot[bot]
e096229a5a build(deps): bump alpine from 3.16.2 to 3.17.0 (#1332)
Bumps alpine from 3.16.2 to 3.17.0.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-02 19:06:02 +02:00
dependabot[bot]
98742f014e build(deps): bump k8s.io/client-go from 0.25.2 to 0.25.4 (#1322)
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.25.2 to 0.25.4.
- [Release notes](https://github.com/kubernetes/client-go/releases)
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.25.2...v0.25.4)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-01 15:26:59 +02:00
dependabot[bot]
f959abe0da build(deps): bump ubi8/ubi-minimal from 8.6 to 8.7 (#1320)
Bumps ubi8/ubi-minimal from 8.6 to 8.7.

---
updated-dependencies:
- dependency-name: ubi8/ubi-minimal
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-01 14:46:02 +02:00
dependabot[bot]
d5039002af build(deps): bump golang from 1.19.2 to 1.19.3 (#1318)
Bumps golang from 1.19.2 to 1.19.3.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-01 14:35:26 +02:00
dependabot[bot]
ba23ef534a build(deps): bump gorm.io/driver/postgres from 1.3.10 to 1.4.5 (#1312)
Bumps [gorm.io/driver/postgres](https://github.com/go-gorm/postgres) from 1.3.10 to 1.4.5.
- [Release notes](https://github.com/go-gorm/postgres/releases)
- [Commits](https://github.com/go-gorm/postgres/compare/v1.3.10...v1.4.5)

---
updated-dependencies:
- dependency-name: gorm.io/driver/postgres
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-30 16:01:32 +02:00
Huang Huang
bd8dd3adcc use $etcddatadir in more etcd related checks (#1331)
2022-11-28 07:58:06 +02:00
Huang Huang
865817dfda support customize datadir locations of etcd (#1330)
2022-11-25 15:32:49 +02:00
Huang Huang
3ccafa7be1 support CIS Kubernetes V1.24 Benchmark v1.0.0 (#1329)
2022-11-24 15:23:10 +02:00
dependabot[bot]
44eef9289e build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 (#1308)
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-25 09:00:50 +03:00
dependabot[bot]
bb3c8e9685 build(deps): bump golang from 1.19.0 to 1.19.2 (#1299)
Bumps golang from 1.19.0 to 1.19.2.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-17 20:24:30 +03:00